The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/5a4096e8-abe4-41c4-b741-c44e740e8689 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-02-06T19:59:20.610Z
Updated:
Reserved: 2022-12-23T09:51:08.537Z
Link: CVE-2022-4681
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-06T20:15:11.987
Modified: 2023-11-07T03:58:35.313
Link: CVE-2022-4681
JSON object: View
Redhat Information
No data.
CWE
No CWE.